Not seeing file/folder delete audit results in Security event log

Hi all.

I have enabled auditing for our main shared folder (and its subfolders) to log success events on file or folder deletion however when I check the security log in event viewer it is not reporting any of these even over the last couple of months and there should be a good few of them by now.

Auditing was set as principal: everyone, special permissions of: delete and delete subfolders and files.

Appreciate any help with this
Tracy
tracyprierNetwork AdministratorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
Auditing setup is two-fold, one half at the folder, the other half at secpol.msc ->local policies auditing policy - audit object access.
btanExec ConsultantCommented:
Need to search for event such as 4660 - An object was deleted or 4663 - An attempt was made to access an object.
Audit events are only generated for objects that have configured system access control lists (SACLs), and only if the type of access requested (such as Write, Read, or Modify) and the account making the request match the settings in the SACL.
also probably you already may have run the command gpresult /v >C:\gpresult.txt to see the result of group policy
Russ SuterSenior Software DeveloperCommented:
What you've done is tell the OS what to audit when auditing is enabled but you haven't told it to enable auditing. Thank you Microsoft!

This article explains it step by step.

http://www.windowsecurity.com/articles-tutorials/windows_server_2008_security/securing-auditing-high-risk-files-windows-servers.html

You have to enable auditing by group policy if you're in a domain or local policy if not.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

McKnifeCommented:
I wonder if anything in my comment was hard to understand.
tracyprierNetwork AdministratorAuthor Commented:
Sorrry about that, my bad :(
btanExec ConsultantCommented:
Am also thinking whether our answers are missing any thing or lacking as I see all referring to auditing.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.